Apache is unable to access /tmp in any way

Wed, 15 Feb 2023 00:42:24 -0800

This problem happened in a recent apache release before version 2.4.55. I encountered this after a system upgrade a month ago. 

Apache is unable to access /tmp in any way.


We may let apache host some external websites by:

> Alias "/ext" "/path/to/external"
> <Directory "/path/to/external">
>     Options Indexes
>     Require all granted
> </Directory>


You can access that through http://yourwebsite/ext


This works most of the time. Changing "/path/to/external" to any path 
works fine including /bin, /srv, /etc ...


Except for anything under /tmp.

I always get 403 Forbidden for that.


For other directories, as long as apache has access permission on them, 
I could always get their content listed.


Only for /tmp I get 403 Forbidden.


Indexing (/ext) and actual file accessing (/ext/index.html) are both 
forbidden.



Why is /tmp different from others?

Changing permission of /tmp to 755 does not work, either.


Debug log here:


> [authz_core:debug] [pid 4469:tid 140408108734144] 
mod_authz_core.c(815): [client 127.0.0.1:37804] AH01626: authorization 
result of Require all denied: denied
> [authz_core:debug] [pid 4469:tid 140408108734144] 
mod_authz_core.c(815): [client 127.0.0.1:37804] AH01626: authorization 
result of <RequireAny>: denied
> [authz_core:error] [pid 4469:tid 140408108734144] [client 
127.0.0.1:37804] AH01630: client denied by server configuration: /tmp/http



Build options:

> ./configure --sbindir=/usr/bin \
>     --enable-layout=Arch \
>     --enable-mpms-shared=all \
>     --enable-modules=all \
>     --enable-mods-shared=all \
>     --enable-so \
>     --enable-suexec \
>     --with-suexec-caller=http \
>     --with-suexec-docroot=/srv/http \
>     --with-suexec-logfile=/var/log/httpd/suexec.log \
>     --with-suexec-bin=/usr/bin/suexec \
>     --with-suexec-uidmin=99 --with-suexec-gidmin=99 \
>     --enable-ldap --enable-authnz-ldap --enable-authnz-fcgi \

>     --enable-cache --enable-disk-cache --enable-mem-cache 
--enable-file-cache \

>     --enable-ssl --with-ssl \
>     --enable-deflate --enable-cgi --enable-cgid \
>     --enable-proxy --enable-proxy-connect \
>     --enable-proxy-http --enable-proxy-ftp \
>     --enable-dbd --enable-imagemap --enable-ident --enable-cern-meta \
>     --enable-lua --enable-xml2enc --enable-http2 \
>     --enable-proxy-http2 --enable-md --enable-brotli \
>     --with-apr=/usr/bin/apr-1-config \
>     --with-apr-util=/usr/bin/apu-1-config \
>     --with-pcre2


Source:

https://www.apache.org/dist/httpd/httpd-2.4.55.tar.bz2


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org























					Reply via email to